Users

The User entity represents individual accounts within the Wrkbelt platform. It serves as the foundation for authentication, authorization, and multi-tenant access control.

Schema Definition

type User = {
  // Base Properties
  _id: string;              // MongoDB ObjectId
  first_name: string;       // Required
  last_name: string;        // Required
  email: string;            // Required, Unique
  hashed_password: string;  // Required, Excluded from queries by default
  avatar_file?: string;       // Optional, Reference to File
  memberships?: string[];   // Optional, Array of Membership ObjectIds
  
  // Timestamps
  createdAt: Date;          // Auto-generated
  updatedAt: Date;          // Auto-updated
} & BaseEntity;

Field Descriptions

Base Properties

Field	Type	Required	Unique	Description
`_id`	ObjectId	Yes	Yes	Unique identifier for the user
`first_name`	string	Yes	No	User's first name
`last_name`	string	Yes	No	User's last name
`email`	string	Yes	Yes	Primary email address used for authentication
`hashed_password`	string	Yes	No	Securely hashed password (bcrypt), excluded from queries by default
`avatar_file`	ObjectId	No	No	Reference to File
`memberships`	ObjectId[]	No	No	Array of references to associated Membership documents

Timestamps

Field	Type	Description
`createdAt`	Date	Automatically set when the user is created
`updatedAt`	Date	Automatically updated when the user is modified

Type Variations

UserSanitized

A safe version of the User entity with sensitive fields removed:

type UserSanitized = Omit<User, 'hashed_password'>;

UserForSession

A minimal version used in session management:

type UserForSession = Pick<
  User,
  '_id' | 'first_name' | 'last_name' | 'avatar_file' | 'email'
>;

UserPopulatedWithMembershipsAndRoles

Fully populated version with membership and role information:

type UserPopulatedWithMembershipsAndRoles = User & {
  memberships: MembershipPopulated[];
};

Relationships

Primary Relationships

User → Memberships (One-to-Many)
- A user can have multiple memberships
- Each membership represents a role-based association with an organization
- Referenced via memberships array field
User → Files (One-to-Many)
- A user can own multiple files
- Files can be private to the user or shared within their organization
User → TemporaryLinks (One-to-One)
- Users can create temporary links
- Links are always associated with the user's current organization context

Indirect Relationships

User → Organizations (Many-to-Many through Memberships)
- Users can belong to multiple organizations
- Access is managed through membership roles
User → Roles (Many-to-Many through Memberships)
- Users have roles within each organization
- Roles determine permissions and access levels

Validation

first_name: Required string
last_name: Required string
email: Required string, must be unique
hashed_password: Required string, excluded from queries by default
avatar_file: Optional reference to File
memberships: Optional array of references to Membership documents

Security Considerations

Password Security
- Passwords are never stored in plain text
- Uses bcrypt for secure password hashing
- hashed_password is excluded from queries by default
Access Control
- Users can only access resources within their organization context
- Access is controlled through role-based permissions
- Session management tracks the user's active organization
Data Privacy
- Sensitive fields are sanitized in responses
- Different type variations for different security contexts
- Proper tenant isolation through membership context

Usage Examples

Creating a User

const user = {
  firstName: "John",
  lastName: "Doe",
  email: "john.doe@example.com",
  password: "securePassword123" // Will be hashed
};

Schema Definition​

Field Descriptions​

Base Properties​

Timestamps​

Type Variations​

UserSanitized​

UserForSession​

UserPopulatedWithMembershipsAndRoles​

Relationships​

Primary Relationships​

Indirect Relationships​

Validation​

Security Considerations​

Usage Examples​

Creating a User​